Over 100 Chrome extensions break WhatsApp’s anti-spam rules

Recent research by Socket’s Threat Research Team uncovered a massive, coordinated campaign flooding the Chrome Web Store with 131 spamware extensions. These add-ons hijack WhatsApp Web—the browser version of WhatsApp—to automate bulk messages and skirt anti-spam controls. Spamware is software tha...

EUVD-2025-35385

Improper Control of Generation of Code 'Code Injection' vulnerability in Cristián Lávaque s2Member s2member.This issue affects s2Member: from n/a through = 250905...

EUVD-2025-35419

Improper Control of Generation of Code 'Code Injection' vulnerability in Bearsthemes Alone alone allows Code Injection.This issue affects Alone: from n/a through = 7.8.3...

EUVD-2025-35445

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in AmentoTech Doctreat doctreat allows Code Injection.This issue affects Doctreat: from n/a through = 1.6.7...

EUVD-2025-35479

Improper Control of Generation of Code 'Code Injection' vulnerability in Sayan Datta WP Last Modified Info wp-last-modified-info allows Remote Code Inclusion.This issue affects WP Last Modified Info: from n/a through = 1.9.2...

EUVD-2025-35532

Improper Control of Generation of Code 'Code Injection' vulnerability in Laborator Kalium kalium allows Code Injection.This issue affects Kalium: from n/a through = 3.25...

CVE-2025-62023

Improper Control of Generation of Code 'Code Injection' vulnerability in Cristián Lávaque s2Member s2member.This issue affects s2Member: from n/a through = 250905...

CVE-2025-60206

Improper Control of Generation of Code 'Code Injection' vulnerability in Beplusthemes Alone alone allows Code Injection.This issue affects Alone: from n/a through = 7.8.3...

CVE-2025-58970

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in AmentoTech Doctreat doctreat allows Code Injection.This issue affects Doctreat: from n/a through = 1.6.7...

CVE-2025-52756

Improper Control of Generation of Code 'Code Injection' vulnerability in Sayan Datta WP Last Modified Info wp-last-modified-info allows Remote Code Inclusion.This issue affects WP Last Modified Info: from n/a through = 1.9.4...

CVE-2025-49926

Improper Control of Generation of Code 'Code Injection' vulnerability in Laborator Kalium kalium allows Code Injection.This issue affects Kalium: from n/a through = 3.25...

CVE-2025-62023

CVE-2025-62023 corresponds to a WordPress s2Member plugin vulnerability (versions up to 250905) described as an improper generation of code leading to remote code execution (code injection). The CVE documents list a critical impact (CVSS v3.1 base score 9.8) with unauthenticated access mogelijk v...

CVE-2025-62023 WordPress s2Member plugin <= 250905 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Cristián Lávaque s2Member s2member.This issue affects s2Member: from n/a through = 250905...

CVE-2025-60206 WordPress Alone theme <= 7.8.3 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Beplusthemes Alone alone allows Code Injection.This issue affects Alone: from n/a through = 7.8.3...

CVE-2025-60206 WordPress Alone theme <= 7.8.3 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Beplusthemes Alone alone allows Code Injection.This issue affects Alone: from n/a through = 7.8.3...

CVE-2025-60206

CVE-2025-60206 refers to a code injection vulnerability in Bearsthemes WordPress Alone theme (Alone) that enables remote code execution. Affected: Alone theme versions up to and including 7.8.3. Root cause: improper control of code generation leading to code injection. Impact: high severity with ...

CVE-2025-58970 WordPress Doctreat theme <= 1.6.7 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in AmentoTech Doctreat doctreat allows Code Injection.This issue affects Doctreat: from n/a through = 1.6.7...

CVE-2025-52756

The CVE-2025-52756 entry describes a Remote Code Inclusion/Execution vulnerability in the WordPress plugin WP Last Modified Info. Affected versions are listed as

CVE-2025-52756 WordPress WP Last Modified Info plugin <= 1.9.4 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Sayan Datta WP Last Modified Info wp-last-modified-info allows Remote Code Inclusion.This issue affects WP Last Modified Info: from n/a through = 1.9.4...

CVE-2025-52756 WordPress WP Last Modified Info plugin <= 1.9.4 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Sayan Datta WP Last Modified Info wp-last-modified-info allows Remote Code Inclusion.This issue affects WP Last Modified Info: from n/a through = 1.9.4...